summaryrefslogtreecommitdiffstats
path: root/tests/py/any/tcpopt.t.payload
Commit message (Collapse)AuthorAgeFilesLines
* src: add tcp option reset supportFlorian Westphal2022-02-281-0/+12
| | | | | | | This allows to replace a tcp option with nops, similar to the TCPOPTSTRIP feature of iptables. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: py: add tcp subtype match test casesFlorian Westphal2021-12-011-0/+21
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: py: add test cases for md5sig, fastopen and mptcp mnemonicsFlorian Westphal2021-12-011-0/+14
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: remove KIND keywordFlorian Westphal2021-12-011-17/+12
| | | | | | | | | | | | | | | | tcp option <foo> kind ... never makes any sense, as "tcp option <foo>" already tells the kernel to look for the foo <kind>. "tcp option sack kind 5" matches if the sack option is present; its a more complicated form of the simpler "tcp option sack exists". "tcp option sack kind 1" (or any other value than 5) will never match. So remove this. Test cases are converted to "exists". Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: bogus assertion on undefined optionsPablo Neira Ayuso2021-08-111-0/+5
| | | | | | | | | | # nft add rule x y tcp option 6 exists # nft list ruleset nft: tcpopt.c:208: tcpopt_init_raw: Assertion `expr->exthdr.desc != NULL' failed. Aborted Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1557 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* exthdr: remove tcp dependency for tcp option matchingFlorian Westphal2021-01-261-60/+0
| | | | | | Kernel won't search for tcp options in non-tcp packets. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: py: remove duplicate payloads.Jeremy Sowden2020-11-091-336/+0
| | | | | | | | | nft-test.py only needs one payload per rule, but a number of rules have duplicates, typically one per address family, so just keep the last payload for rules listed more than once. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de>
* tcp: add raw tcp option match supportFlorian Westphal2020-11-091-0/+7
| | | | | | tcp option @42,16,4 (@kind,offset,length). Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: allow to check for presence of any tcp optionFlorian Westphal2020-11-091-49/+4
| | | | | | | | | | | | | nft currently doesn't allow to check for presence of arbitrary tcp options. Only known options where nft provides a template can be tested for. This allows to test for presence of raw protocol values as well. Example: tcp option 42 exists Signed-off-by: Florian Westphal <fw@strlen.de>
* tcpopt: rename noop to nopFlorian Westphal2020-11-091-15/+1
| | | | | | | 'nop' is the tcp padding "option". "noop" is retained for compatibility on parser side. Signed-off-by: Florian Westphal <fw@strlen.de>
* parser: merge sack-perm/sack-permitted and maxseg/mssFlorian Westphal2020-11-091-6/+6
| | | | | | | | | | | | | | | | | | | | | | One was added by the tcp option parsing ocde, the other by synproxy. So we have: synproxy ... sack-perm synproxy ... mss and tcp option maxseg tcp option sack-permitted This kills the extra tokens on the scanner/parser side, so sack-perm and sack-permitted can both be used. Likewise, 'synproxy maxseg' and 'tcp option mss size 42' will work too. On the output side, the shorter form is now preferred, i.e. sack-perm and mss. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests/py: Move tcpopt.t to any/ directoryPhil Sutter2020-03-101-0/+603
Merge tcpopt.t files in ip, ip6 and inet into a common one, they were just marignally different. Signed-off-by: Phil Sutter <phil@nwl.cc>